CVE-2009-2373

Drupal 6.x < 6.13 - Cross-Site Scripting in Forum Module

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (3)

Core 3
Core References
Exploit, Patch x_refsource_confirm
http://drupal.org/node/507572
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35681
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/55524

Scores

EPSS 0.0024
EPSS Percentile 46.8%

Details

CWE
CWE-79
Status published
Products (32)
drupal/drupal 5.0 (5 CPE variants)
drupal/drupal 5.1
drupal/drupal 5.1_rev1.1
drupal/drupal 5.2
drupal/drupal 5.3
drupal/drupal 5.4
drupal/drupal 5.5
drupal/drupal 5.5.
drupal/drupal 5.6
drupal/drupal 5.7
... and 22 more
Published Jul 08, 2009
Tracked Since Feb 18, 2026